NVD disclosure day

Published threat advisories for December 20, 2023

CVE advisoryCRITICAL

CVE-2023-50992

Tenda i29 Stack Overflow Vulnerability in setPing Function

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical stack overflow vulnerability exists in the `setPing` function of Tenda i29 network devices, allowing unauthenticated attackers to potentially crash or control the device via specially crafted network requests. This could lead to significant disruption of network services.

CVE advisoryCRITICAL

CVE-2023-50989

Tenda i29 Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability in the Tenda i29 network device's `pingSet` function allows unauthenticated attackers to execute arbitrary commands remotely. This could impact the device's operation and security configuration. Confirming device exposure and criticality is important.

CVE advisoryCRITICAL

CVE-2023-50988

Tenda i29 Buffer Overflow Vulnerability in wifiRadioSetIndoor

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical buffer overflow vulnerability in Tenda i29 devices, specifically within the `wifiRadioSetIndoor` function, could allow unauthenticated remote attackers to execute code. This could disrupt network services and compromise device integrity, posing a risk to data and availability.

CVE advisoryCRITICAL

CVE-2023-50987

Tenda i29 Buffer Overflow Vulnerability in sysTimeInfoSet Function.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A buffer overflow vulnerability exists in Tenda i29 network devices, specifically within the `sysTimeInfoSet` function. If reachable, this flaw could allow an unauthenticated attacker to remotely execute code, potentially compromising device operation and network security. Further information is needed to determine if

CVE advisoryCRITICAL

CVE-2023-50986

Tenda i29 Buffer Overflow Vulnerability in Login Function

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A buffer overflow vulnerability exists in the login function of Tenda i29 devices, potentially allowing an unauthenticated attacker to gain unauthorized access or cause a denial of service. This issue is reachable over a network and could impact device availability.

CVE advisoryCRITICAL

CVE-2023-50985

Tenda i29 Buffer Overflow in lanCfgSet

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical buffer overflow vulnerability exists in Tenda i29 network devices. When reachable, this flaw could allow an unauthenticated attacker to potentially gain control of the device by sending a specially crafted network request. The exact impact on service or data is uncertain.

CVE advisoryCRITICAL

CVE-2023-50984

Tenda i29 Buffer Overflow Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Tenda i29 wireless access points contain a buffer overflow vulnerability in the `spdtstConfigAndStart` function that could allow unauthenticated remote attackers to execute arbitrary code. This flaw may impact network service availability. Identifying affected devices and assessing their exposure is necessary.